The PCI-DSS Compliance Service (PCI-C) addresses the compliance concerns of small and medium-sized businesses that process credit card transactions. These businesses are required to comply with the Payment Card Industry Data Security Standard (PCI DSS, currently version 3.1).
Navigating PCI-DSS compliance by oneself is challenging. There are many obscure and lengthy documents to read and prepare, and many technical assessment activities that may be outside the core competency or bandwidth of a client’s team. The PCI-C helps guide the client toward compliance as painlessly as possible, minimizing uncertainty and saving internal bandwidth (on learning and execution).
Illumant will help identify and complete the appropriate self-assessment questionnaires (SAQ A, B, C, C-VT, D, E), and will help prepare any necessary Attestations of Compliance (AOCs). Specific remediation advice and recommendations will be provided in the event that gaps are discovered. Illumant will help manage and monitor remediation activities.
Illumant will also help address all ongoing testing activities:
- Quarterly scans by an Approved Scanning Vendor (ASV) – there are many service vendors, and Illumant has relationships with the best-of-breed. If the client does not already have a vendor, Illumant will help select one and set up the scans
- Quarterly internal vulnerability assessment – Illumant will perform quarterly internal vulnerability assessments on the client’s cardholder data environment (CDE)
- Annual external/internal penetration testing – Illumant will perform annual external and internal penetration testing against the CDE
- Quarterly wireless security assessment – on a quarterly basis, Illumant will scan for rogue wireless access points connected to the CDE
All testing will be performed remotely via an on-site appliance to minimize disruption to the client. Retesting will be performed to ensure issues and risks have been remediated.
In short, Illumant will identify and prepare all necessary compliance documentation (SAQs and AOCs). Illumant will help manage any remediation activities. Illumant will address all testing requirements. Illumant will coordinate and manage your PCI compliance activities to make it easier for you to achieve and maintain compliance and protect your credit card data.